Description
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70732
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/97757
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031117
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html
Scores
EPSS
0.0033
EPSS Percentile
56.0%
Details
CWE
CWE-310
Status
published
Products (6)
emc/avamar
6.0.1
emc/avamar
6.0.2
emc/avamar
6.0.3
emc/avamar
6.1
emc/avamar
6.1.101-87
emc/avamar
7.0 (2 CPE variants)
Published
Oct 25, 2014
Tracked Since
Feb 18, 2026